Fixed
Details
Assignee: Zhen Qian
Reporter: Beth Kirschner
Priority: Critical
Created November 20, 2013 at 9:37 AM
Updated December 9, 2013 at 12:34 PM
Resolved November 25, 2013 at 10:57 AM
The announcements service can generate events like so (with an event of "annc.null"):
EVENT_ID: 950053626
EVENT_DATE: 2013-07-19 15:12:45
EVENT: annc.null
REF: /announcement/msg/222222/main/f83872cc-e4d0-4389-93ee-1af7294492b0
CONTEXT: 222222
SESSION_ID: XXXXXXXXXXXXXXXXXXXXXX
EVENT_CODE: m
This is because of a method called eventId which is called like so:
    groupRefs = m_authzGroupService.getAuthzGroupsIsAllowed(m_sessionManager.getCurrentSessionUserId(),
            eventId(function), groupRefs);
That eventId method looks like this:
    protected String eventId(String secure) {
        return SECURE_ANNC_ROOT + secure;
    }
The method does not check for or properly handle invalid inputs.
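The behaviour described in this report, next to a checked variant, as an added example that is not the project's code or its actual fix. The value of SECURE_ANNC_ROOT is inferred from the "annc.null" event above; the class name, eventIdChecked, KNOWN_FUNCTIONS and the sample inputs are hypothetical.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

public class EventIdDemo {
    // Assumed value, inferred from the "annc.null" event shown in the report.
    static final String SECURE_ANNC_ROOT = "annc.";

    // Constructed stand-in for the function names an authz check would recognise.
    static final Set<String> KNOWN_FUNCTIONS =
            new HashSet<>(Arrays.asList("annc.read", "annc.new"));

    // Behaviour from the report: a null argument is concatenated as the text "null".
    static String eventId(String secure) {
        return SECURE_ANNC_ROOT + secure;
    }

    // Hypothetical checked variant: fail fast instead of building a bogus name
    // that then flows into the authorization lookup and the event log.
    static String eventIdChecked(String secure) {
        if (secure == null || secure.trim().isEmpty()) {
            throw new IllegalArgumentException("announcement function must not be null or empty");
        }
        String id = SECURE_ANNC_ROOT + secure.trim();
        if (!KNOWN_FUNCTIONS.contains(id)) {
            throw new IllegalArgumentException("unknown announcement function: " + id);
        }
        return id;
    }

    public static void main(String[] args) {
        String[] inputs = {"read", null, ""}; // constructed inputs
        for (String in : inputs) {
            String unchecked = eventId(in);
            System.out.println("unchecked: " + unchecked
                    + " known=" + KNOWN_FUNCTIONS.contains(unchecked));
            try {
                System.out.println("checked:   " + eventIdChecked(in));
            } catch (IllegalArgumentException e) {
                System.out.println("checked:   rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```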